If it’s time to construct your container strategy, a few key decisions will provide the blueprint to make it a success.

The tips excerpted here come from the “DZone Guide to Containers: Development and Management.” They were written by Jim Bugwadia, founder at Nirmata, a San Francisco Bay Area startup providing multi-cloud container services.

Developed in partnership with companies including Oracle, Platform9, Chef and Cloud Foundry, the 58-page ebook is free with registration. In addition to a survey of over 500 tech professionals about how they’re using containers today, the book features chapters on Istio service mesh for containers, a deep dive into deployments and a comparison of Kubernetes, Docker Swarm and Amazon ECS.

Leverage best-of-breed infrastructure

The first consideration is whether to use the storage and networking services offered by your current cloud provider. Bugwadia says it’s a good idea to prioritize a vendor-native approach. “Rather than run an overlay network in AWS, it may be best to use the Kubernetes CNI (Container Network Interface) plugin from AWS that offers native networking capabilities to Kubernetes.”

Manage your own upstream Kubernetes versions

When trying to stay on board a rapidly changing open source project, another important decision is whether to team up with a vendor or drink directly from upstream. “The best bet is to provide teams with the flexibility of choosing multiple validated upstream releases, or trying newer versions as needed at their own risk,” Bugwadia says.

Standardize cluster deployments via policies

There are several important decisions to make when installing a Kubernetes cluster, he says, including the choice of Kubernetes version, networking, storage, ingress, monitoring and logging.

Provide end-to-end security

Again, there are a number of important decisions to make, including image scanning and provenance, host and cluster scanning, segmentation and isolation, and identity management and access controls.

Centralize application management

“As with security, managing applications on Kubernetes clusters requires a centralized and consistent approach. While Kubernetes offers a comprehensive set of constructs that can be used to define and operate applications, it does have a built-in concept of an application,” Bugwadia notes.